https://en.wikipedia.org/wiki/Pwn2Own
http://blog.trendmicro.com/results-pwn2own-day-three/http://blog.trendmicro.com/results-pwn2own-2017-day-two/http://blog.trendmicro.com/results-pwn2own-2017-day-one/
Next up, Samuel Groß and Niklas Baumstark earned some style points by leaving a special message on the touch bar of the targeted Mac. They employed a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate their privileges to root in macOS. Unfortunately, the UAF had already been corrected in the beta version of the browser, but this bug chain still netted them a partial win, garnering them $28,000 and 9 Master of Pwn points.
The day in Track B started with Tencent Security Team Shield deciding to withdraw their attempt to exploit Apple macOS.Conversely, the team from 360 Security didnt waste any time by demonstrating a successful elevation of privilege on Apple macOS. They used an info leak and race condition in the kernel. In doing so, they garnered $10,000 and 3 more points for Master of Pwn.Not waiting around, the 360 Security came right back to successfully exploit Apple Safari through an integer overflow and then escalated to root using a macOS kernel UAF. This earned them another $35,000 and 11 more Master of Pwn points.Following them, the Chaitin Security Research Lab succeeded by performing an elevation of privilege in macOS through an info leak and OOB bug in the macOS kernel. In doing so, they netted $10,000 and 3 more Master of Pwn points.The next entry in Track B ended in disqualification as the Tencent Security Sword Team targeted Apple macOS with bugs already reported and known to vendor.
Conversely, the team from 360 Security didnt waste any time by demonstrating a successful elevation of privilege on Apple macOS. They used an info leak and race condition in the kernel. In doing so, they garnered $10,000 and 3 more points for Master of Pwn.
Not waiting around, the 360 Security came right back to successfully exploit Apple Safari through an integer overflow and then escalated to root using a macOS kernel UAF. This earned them another $35,000 and 11 more Master of Pwn points.
Following them, the Chaitin Security Research Lab succeeded by performing an elevation of privilege in macOS through an info leak and OOB bug in the macOS kernel. In doing so, they netted $10,000 and 3 more Master of Pwn points.
The next entry in Track B ended in disqualification as the Tencent Security Sword Team targeted Apple macOS with bugs already reported and known to vendor.
Pieterr om 9:05, 18-03-2017earned some style points by leaving a special message on the touch bar of the targeted Mac.
"style points", inderdaad erg nerdy!
Gast
